First commit

2025-07-22 02:30:15 +02:00
commit e9441f563b
66 changed files with 4401 additions and 0 deletions
--- a/modules/networking/openfortivpn.nix
+++ b/modules/networking/openfortivpn.nix
@@ -0,0 +1,81 @@
+{
+  pkgs,
+  ...
+}:
+let
+  openfortivpn-addroute = pkgs.writeShellScript "openfortivpn-addroute.sh" ''
+
+    sleep 2
+    ${pkgs.iproute2}/bin/ip route add 172.16.0.0/12 dev ppp0
+    ${pkgs.iproute2}/bin/ip route del default
+    ${pkgs.iproute2}/bin/ip route add default via 192.168.0.254
+    ${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
+    search ville.besancon
+    nameserver 172.18.96.1
+    nameserver 172.18.96.2
+    EOF
+  '';
+  openfortivpn-delroute = pkgs.writeShellScript "openfortivpn-delroute.sh" ''
+
+    sleep 2
+    ${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
+    nameserver 10.0.0.1
+    nameserver 2001:41d0:303:20da::1
+    nameserver 217.182.138.218
+    nameserver 9.9.9.9
+    EOF
+  '';
+
+  myMount = description: what: where: {
+    inherit description what where;
+    type = "cifs";
+    options = "credentials=/etc/nixos/smb-secrets,uid=beastie,gid=users";
+  };
+  myAutoMount = description: where: {
+    inherit description where;
+    requires = [ "network-online.target" ];
+    after = [ "network-online.service" ];
+    wantedBy = [ "multi-user.target" ];
+    automountConfig = {
+      TimeoutIdleSec = 30;
+    };
+  };
+in
+{
+  environment.systemPackages = [
+    pkgs.openfortivpn
+    pkgs.cifs-utils
+  ];
+  systemd.services."openfortivpn" = {
+    enable = true;
+    #wantedBy = lib.mkForce [ ];
+    unitConfig = {
+      Description = "OpenFortiVPN";
+      After = "network-online.target";
+      Wants = "network-online.target systemd-networkd-wait-online.service";
+      Documentation = [
+        "man:openfortivpn(1) https://github.com/adrienverge/openfortivpn#readme https://github.com/adrienverge/openfortivpn/wiki"
+      ];
+    };
+    serviceConfig = {
+      Type = "notify";
+      PrivateTmp = "true";
+      ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn --no-dns";
+      ExecStartPost = "${openfortivpn-addroute}";
+      ExecStopPost = "${openfortivpn-delroute}";
+      #Restart = "on-failure";
+      #OOMScoreAdjust = "-100";
+    };
+  };
+
+  systemd.mounts = [
+    (myMount "GBM Perso" "//vf-mc2-sfic06.ville.besancon/usr_s$/SALVIJER/Mes Documents"
+      "/gbmshares/perso"
+    )
+    (myMount "GBM Services" "//vf-mc2-sfic06.ville.besancon/08TIC" "/gbmshares/services")
+  ];
+  systemd.automounts = [
+    (myAutoMount "GBM Perso automount" "/gbmshares/perso")
+    (myAutoMount "GBM Services automount" "/gbmshares/services")
+  ];
+}